Sectigo CMS PKI

Prerequisites

  • For publicly trusted certificates, you need to validate the domain(s) for which you will issue certificates prior to their issuance.

  • You need to retrieve the customerUri and the organizationId from Sectigo CMS.

  • You need to create a technical account with appropriate permissions including the allow ssl auto approve permission. You need to set a password for the technical account.

Limitations

  • Only the subjectAltName DNS field is managed.

  • The certificate Subject DN will be set to whatever is specified in the PKCS#10 CSR.

  • All limitations induced by the use of the Sectigo CMS REST Connector.
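
A pre-submission check for the first two limitations above, as an added example (not Horizon or Sectigo code): it prints the Subject DN exactly as the CSR carries it and flags any SAN entry that is not a DNS name. It assumes the OpenSSL 1.1.1+ command line is installed; the function names and the sample CSR are constructed for illustration.

```bash
#!/bin/sh
# Added example: inspect a PKCS#10 CSR before submitting it through the connector.
set -e

# Constructed sample CSR (not from the page): one DNS SAN plus one IP SAN.
make_sample_csr() {
  openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1" \
    -subj '/O=Constructed Org/CN=www.example.test' \
    -addext 'subjectAltName=DNS:www.example.test,IP:192.0.2.10' 2>/dev/null
}

# Print the Subject DN as carried by the CSR (this is what will be issued).
csr_subject() {
  openssl req -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//'
}

# Print one SAN entry per line, e.g. "DNS:www.example.test".
# Splits on commas, so SAN values that themselves contain commas are not handled.
csr_sans() {
  openssl req -in "$1" -noout -text |
    grep -A1 'X509v3 Subject Alternative Name' | tail -n +2 |
    tr ',' '\n' | sed 's/^ *//; s/ *$//' | grep -v '^$' || true
}

# Print SAN entries that are not DNS names; return 1 if any exist.
csr_unmanaged_sans() {
  extra=$(csr_sans "$1" | grep -v '^DNS:' || true)
  [ -z "$extra" ] && return 0
  printf '%s\n' "$extra"
  return 1
}

# Usage: ./check_csr.sh request.csr
if [ "$#" -ge 1 ]; then
  echo "Subject DN in CSR: $(csr_subject "$1")"
  csr_unmanaged_sans "$1" || echo "WARNING: non-DNS SAN entries listed above"
fi
```

Review the printed Subject DN against your naming policy before enrollment, since the connector passes it through unchanged.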

Create the PKI connector

1. Log in to the Horizon Administration Interface.

2. Access PKI from the drawer or card: PKI > PKI Connectors.

3. Click on the Add icon.

4. Select the correct PKI type.

5. Click on the next button.

General tab

6. Fill in the common mandatory fields:

  • Connector Name* (string input):
    Choose a meaningful connector name that identifies the mapping between the PKI and the Certificate Profile. It must be unique and must not contain spaces.

  • Proxy (string select):
    If the PKI is not directly reachable from Horizon, you can set up an HTTP/HTTPS proxy to properly forward the traffic.

  • PKI Queue (string select):
    The PKI Queue used to manage the PKI Requests (enrollment, revocation).

  • Timeout (finite duration):
    Interval of time to wait for a PKI response. Once it has elapsed, Horizon stops trying to establish the communication. Must be a valid finite duration.

7. Click on the next button.

Details tab

8. Fill in all mandatory fields:

  • Customer URI* (string input):
    Enter the Customer URI. An integer is expected.

  • Organization ID* (int input):
    Enter the Organization ID.

  • Profile (Certificate Type)* (string input):
    Enter the Profile (Certificate Type). An integer is expected.

  • Retry interval (finite duration):
    Predefined interval of time before retrying to retrieve the certificate from Sectigo. Must be a valid finite duration. No default value is set.

  • Valid Days (finite duration):
    Certificate validity duration in days. Must be a valid finite duration. No default value is set.

9. Click on the next button.

Authentication tab

10. Fill in the PKI-authentication fields:

  • Login* (string input):
    Enter your Sectigo CMS login.

  • Password* (string input):
    Enter your Sectigo CMS password.

11. Click on the save button.

You can edit, duplicate or delete the Sectigo CMS PKI connector.